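I have configured an L2TP/IPsec server on Ubuntu.
I have also installed an OpenVPN client on this server.
When an L2TP client connects to this server, I need its traffic to be forwarded to OpenVPN, so that the client gets the OpenVPN server's IP address:
(For example, if the L2TP server's public IP is 1.2.3.4 and the OpenVPN server is 1.2.3.5, an L2TP client that connects to the server gets the public IP address 1.2.3.5.)
L2TP client <--> L2TP server <-- OpenVPN client --> OpenVPN server
L2TP client subnet: 192.168.42.0/24
OpenVPN client: tun0: inet 10.8.0.2 netmask 255.255.255.0 destination 10.8.0.2
My iptables and routes: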
# Generated by iptables-save v1.6.1 on Tue Dec 3 16:45:27 2019
*nat
:PREROUTING ACCEPT [246:15683]
:INPUT ACCEPT [177:11140]
:OUTPUT ACCEPT [58:3868]
:POSTROUTING ACCEPT [58:3868]
-A POSTROUTING -s 192.168.42.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Dec 3 16:45:27 2019
# Generated by iptables-save v1.6.1 on Tue Dec 3 16:45:27 2019
*filter
:INPUT ACCEPT [168:8188]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4628:1611471]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -s 192.168.42.0/24 -d 192.168.42.0/24 -i ppp+ -o ppp+ -j ACCEPT
-A FORWARD -j DROP
COMMIT
# Completed on Tue Dec 3 16:45:27 2019
root@softeth:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default static.160.93.2 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
static.93.169.4 static.160.93.2 255.255.255.255 UGH 0 0 0 eth0
95.217.93.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Thanks
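An added example, not part of the original post: a small first-match evaluation of the FORWARD and nat POSTROUTING rules shown above, comparing traffic that leaves via eth0 with traffic that would leave via tun0. The packet addresses 192.168.42.10 and 203.0.113.7 are constructed, and the matcher models only the options these rules use.

```python
from ipaddress import ip_address, ip_network

# Rules copied verbatim from the iptables-save output in the post.
FORWARD = """\
-A FORWARD -i eth0 -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -s 192.168.42.0/24 -d 192.168.42.0/24 -i ppp+ -o ppp+ -j ACCEPT
-A FORWARD -j DROP"""
NAT_POSTROUTING = "-A POSTROUTING -s 192.168.42.0/24 -o eth0 -j MASQUERADE"

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into {option: value}; '-m <module>' is dropped."""
    tok = line.split()[2:]
    return {o: v for o, v in zip(tok[::2], tok[1::2]) if o != "-m"}

def iface_match(pattern, name):
    # iptables treats a trailing '+' as "any interface starting with this prefix"
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else name == pattern

def matches(rule, pkt):
    checks = {
        "-i": lambda v: iface_match(v, pkt["in"]),
        "-o": lambda v: iface_match(v, pkt["out"]),
        "-s": lambda v: ip_address(pkt["src"]) in ip_network(v),
        "-d": lambda v: ip_address(pkt["dst"]) in ip_network(v),
        "--ctstate": lambda v: pkt["state"] in v.split(","),
    }
    return all(checks[o](v) for o, v in rule.items() if o != "-j")

def verdict(chain, pkt, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain policy applies."""
    for line in chain.splitlines():
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["-j"]
    return policy

# Constructed sample packets (addresses are made up for illustration).
def pkt(i, o, src, dst, state="NEW"):
    return {"in": i, "out": o, "src": src, "dst": dst, "state": state}

via_eth0 = pkt("ppp0", "eth0", "192.168.42.10", "203.0.113.7")
via_tun0 = pkt("ppp0", "tun0", "192.168.42.10", "203.0.113.7")
reply_tun0 = pkt("tun0", "ppp0", "203.0.113.7", "192.168.42.10", "ESTABLISHED")

if __name__ == "__main__":
    for p in (via_eth0, via_tun0, reply_tun0):
        print(p["in"], "->", p["out"], "FORWARD:", verdict(FORWARD, p))
    # "ACCEPT" from the nat chain means the policy was hit: no MASQUERADE applied
    print("nat POSTROUTING for ppp0 -> tun0:", verdict(NAT_POSTROUTING, via_tun0))
```

With the rules as posted, a packet routed from ppp0 to tun0 reaches the final DROP rule in FORWARD, and no MASQUERADE rule matches output on tun0.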